Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-8474

    OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic... Read more

    Affected Products : connect
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-5594

    OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.... Read more

    Affected Products : openvpn
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-28882

    OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session... Read more

    Affected Products : openvpn
    • Published: Jul. 08, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-28391

    SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, get... Read more

    Affected Products : prestashop b2b_quick_order_form
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2025-32454

    A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All ... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-30280

    A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-23363

    A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V... Read more

    Affected Products : teamcenter
    • Published: Feb. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-56182

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29... Read more

    • Published: Mar. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2024-56181

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2024-34347

    @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javas... Read more

    Affected Products : hoppscotch
    • Published: May. 08, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2023-52327

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 10, 2025

  • 8.8

    HIGH
    CVE-2023-47020

    Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited... Read more

    Affected Products : terminal_handler
    • Published: Feb. 08, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2023-37476

    OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vul... Read more

    Affected Products : openrefine
    • Published: Jul. 17, 2023
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2019-13939

    A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V... Read more

    • Published: Jan. 16, 2020
    • Modified: Jun. 10, 2025

  • 3.3

    LOW
    CVE-2024-5198

    OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.... Read more

    Affected Products : openvpn-gui ovpn-dco-win
    • Published: Jan. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2024-4090

    The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-S... Read more

    Affected Products : mystickymenu my_sticky_bar
    • Published: Aug. 01, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-6412

    The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : html_forms
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025

  • 9.1

    CRITICAL
    CVE-2024-26503

    Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2024-26540

    A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.... Read more

    Affected Products : cimg clmg
    • Published: Mar. 15, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-6272

    The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : spidercontacts
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293350 Results